An investigation into infostealer-driven attacks on Snowflake customers shows that approximately 165 clients potentially had data stolen by financially-motivated hackers, says cyber threat intel firm Mandiant.

Snowflake, an data management platform provider, disclosed the campaign earlier this month along with a warning that customers without multifactor authentication enabled are vulnerable (see: Snowflake Clients Targeted With Credential Attacks).

Google-owned Mandiant attributed Monday the attacks to a cluster of threat activity it now tracks as UNC5537. The threat actor “has targeted hundreds of organizations worldwide, and frequently extorts victims for financial gain.”